Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Container hardening (revisited): non root in container + no-new-privileges #169

Closed
gmarmstrong opened this issue Jun 11, 2022 · 0 comments · Fixed by #183
Closed

Container hardening (revisited): non root in container + no-new-privileges #169

gmarmstrong opened this issue Jun 11, 2022 · 0 comments · Fixed by #183
Assignees
@deeplow
Labels
security
Milestone
0.3.2

Comments

@gmarmstrong
Copy link
Contributor

User privileges in the container

  • The containers currently run the conversion processes as root (root user of the containers, not of the host). This is easily fixed without causing any issues, at least on macOS, by adding USER user just below RUN adduser [...] user in the Dockerfile. As it stands, the unprivileged user is never actually used. This has been fixed before, but the problem has been reinstated.

Docker/kernel security options

Related discussions
@deeplow deeplow changed the title Container hardening (revisited) Container hardening (revisited): non root in container + no-new-privileges Aug 15, 2022
@deeplow deeplow self-assigned this Aug 15, 2022
deeplow added a commit that referenced this issue Aug 15, 2022
@deeplow
running dangerzone without root in container
4cfba7d 
There was previously a user created in the container but it was not
used via the dockerfile RUN directive (as pointed out by
gmarmstrong[1]).

Fixes #169

[1]: #169 (comment)
@deeplow deeplow mentioned this issue Aug 15, 2022
Merged
@micahflee micahflee added this to the 0.3.2 milestone Aug 17, 2022
deeplow added a commit that referenced this issue Aug 18, 2022
@deeplow
running dangerzone without root in container
07abfae 
There was previously a user created in the container but it was not
used via the dockerfile RUN directive (as pointed out by
gmarmstrong[1]).

Fixes #169

[1]: #169 (comment)
@apyrgio apyrgio mentioned this issue Oct 13, 2022
Open
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@deeplow deeplow

Labels
security
Projects
None yet
Milestone
0.3.2
3 participants
@micahflee @gmarmstrong @deeplow